Q1

A financial services company is deploying McAfee NSP Sensors in a high-availability (HA) pair to protect a critical database segment. The primary requirement is to ensure that in the event of a power failure to a single Sensor, traffic flow is maintained with zero downtime, even if it means traffic passes uninspected for a brief period. Which HA configuration and deployment mode should the administrator implement?

Q2

An administrator observes that the NSP Manager is not receiving alerts from a newly deployed Sensor, although health status indicates the Sensor is online. Firewall logs show that traffic on TCP port 8502 from the Sensor to the Manager is being permitted. What is the most likely cause of this issue?

Q3

A security analyst needs to create a policy to detect and block attempts to exploit a custom, in-house web application. The exploit involves sending a specific 16-byte hexadecimal string within the URI of an HTTP GET request. Which NSP feature provides the most precise and efficient method for creating a rule to identify this specific threat?

Q4 (Multiple answers)

A global enterprise uses Administrative Domains to segregate management of NSP policies by region (e.g., 'Americas', 'EMEA', 'APAC'). The global security team needs to enforce a baseline security policy that applies to all regions and cannot be modified by regional administrators. What is the correct approach to achieve this? (Select TWO)

Q5

True or False: When an NSP Sensor is deployed in L2 Transparent Bridge mode, its monitoring ports are assigned IP addresses for management and routing purposes.

Q6

**Case Study:** A rapidly growing e-commerce company, 'SwiftCart', is experiencing performance degradation on its M-series NSP Sensor that protects its primary web server farm. The Sensor's CPU utilization frequently spikes to 100% during peak business hours. A review of the applied policy shows that it contains over 5,000 enabled attack signatures, including many for protocols not used in their environment (e.g., SCADA, industrial control systems). The security team's primary goal is to reduce the CPU load on the Sensor without compromising the security of their web applications. They have a secondary goal of improving the accuracy of alerts to reduce analyst fatigue. The network consists of standard HTTP/HTTPS, SQL, and DNS traffic. Which strategy should the security team implement to best achieve their goals?

Q7

During a vulnerability scan, an administrator notices a large number of 'TCP Port Scan' alerts in the Threat Explorer originating from their internal vulnerability scanner's IP address. This is expected behavior, but it is cluttering the alert view for the security operations team. What is the BEST PRACTICE to handle these specific alerts without affecting the detection of real port scans from other sources?

Q8

An administrator is configuring a new NSP Manager and needs to integrate it with the company's Active Directory for user authentication. The goal is to allow network administrators, who are members of the 'NSP-Admins' AD group, to log in to the NSP Manager with their domain credentials. Which component must be configured in the NSP Manager to facilitate this?

Q9

A network architect is designing a security solution for a data center using the following topology. The goal is to inspect all traffic between the Web/App tier and the Database tier for potential threats.

```
        Internet
            |
        [Firewall]
            |
       [Core Switch]
        /         \
[Web/App Tier]   [Database Tier]
(10.10.10.0/24)  (10.10.20.0/24)
```

Given that the traffic between these two tiers is high-volume and low-latency is critical, what is the most appropriate deployment mode and location for the NSP Sensor?

Q10

What is the primary function of the 'Botnet Controller and Infected Host' callback detection feature in McAfee NSP?